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IN THE CLAIMS 

1. (Currently Amended) A method for evaluating occurity 
executed to a oyotc m security applied to a system constituted 
by at least one component, by the use of an electronic 
computer, the method comprising steps of: 

a first step of accepting a first specification of a 
system to be evaluated and a second specification of each of 
the components constituting the system, from an operator via 
an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which 
constituent components and security countermeasures to be 
executed to the constituent components are described for each 
type of system typoo , and of reading out security 
countermeasures to be executed to the components constituting 
the syste m to be — evaluated which are specified by the second 
specification, out of the constituent components of the system 
type, the system type corresponding to that of the system-fee 
be evaluated which is specified by the first specification; 

a third step of displaying on a display unit connected to 
the electronic computer, the security countermeasures read out 
in the second step in correspondence with each of the 
components constituting the system to be evaluated which are 
specified by the second specification and of accepting from 
the operator via the input unit, information as to whether or 



3 



Serial No. 09/628,108 TSM-13 

not each of the security countermeasures being displayed is 
executed; and 

a fourth step of evaluating a state of security of the 
syste m to be evaluated , based on the information that 
regarding whether the security countermeasures of the 
components constituting the syste m to bo evaluated are 
executed or not, the information being accepted in the third 
step, and of displaying evaluation results on the display 
unit . 

2. (Original) A method for evaluating security as 
claimed in claim 1, wherein 

the database describes, as to each of the security 
countermeasures, a security type ensured by executing the 
security countermeasure concerned, and wherein 

the fourth step includes steps of: 

classifying the security countermeasures , which are read 
out in the second step, into the security types; 

determining, as to each of the security types, the ratio 
of the number of security countermeasures accepted as executed 
in the third step, to the number of security countermeasures 
classified into the security type concerned; and 
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displaying on the display unit the ratio for each of the 
security types as the degree of accomplishment of the security 
countermeasures classified into the security type concerned. 

3. (Original) A method for evaluating security as 
claimed in claim 1, wherein 

the database describes, as to each of the security 
countermeasures, a security type ensured and the degree of 
risk avoided, by executing the security countermeasure 
concerned, and wherein 

the fourth step includes steps of; 

classifying the security countermeasures, which are read 
out in the second step, into the security types; 

determining, as to each of the security types, the total 
sum of the degrees of risks corresponding to the security 
countermeasures accepted as non-executed in the third step, 
out of the security countermeasures classified into the 
security type concerned; and displaying on the display unit 
the total sum of the degrees of risks for each of the security 
types as the degree of the remaining risk of the security 
countermeasures classified into the respective security types. 

4. (Original) A method for evaluating security as 
claimed in claim 1, wherein 
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the database describes, as to each of the security 
countermeasures, a security type ensured and a cost required, 
by executing the security countermeasure concerned, and 
wherein 

the fourth step includes steps of: 

classifying the security countermeasures, which are read 
out in the second step, into the security types; 

determining, as to each of the security types, the total 
sum of the costs corresponding to the security countermeasures 
accepted as executed in the third step, out of the security 
countermeasures classified into the security type concerned; 
and displaying on the display unit, the total sum of the costs 
for each of the security types as the required cost of the 
security countermeasures classified into the security type 
concerned. 

5 . (Currently Amended) A method for evaluating security 
as claimed in claim 1, wherein 

the database describes, as to each of the security 
countermeasures, a security level ensured by executing the 
security countermeasure concerned, and wherein 

the first step includes a step of accepting from the 
operator via the input unit, a third specification of the 
security level of the system to be evaluated in addition to 
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the first specification of the system to be evaluated and the 
second specification of the components constituting the 
system, and wherein 

the second step includes a step of reading out from the 
database, the security countermeasures to be executed to 
components constituting the system to be evaluated , which are 
specified by the second specification, out of the constituent 
components of the system type corresponding to that of the 
system which is specified by the first specification, each of 
the security countermeasures having a level not higher than 
the security level specified by the third specification. 

6. (Currently Amended) A method for evaluating security 
as claimed in claim 1, where in 
the first step includes, 

steps of reading out all of the system types described in 
the database, displaying them on the display unit, and 
accepting from the operator via the input unit a specification 
of any one of the system types being displayed, as the first 
specification of the syste m to be evaluated , and 

steps of reading out from the database all of the 
constituent components of the system type specified by the 
first specification, displaying them on the display unit, and 
accepting from the operator via the input unit, information as 
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to whether or not each of the constituent components being 
displayed ieare used in the syste m to be evaluated , as the 
second specification of each of the components constituting 
the system to be evaluated . 

7. {Currently Amended) A storage medium in which a 
program for making an electronic computer evaluate security of 
a system constituted by at least one component is stored, the 
program making the electronic computer execute steps of: 

a first step of accepting a first specification of a 
system to be evaluated and a second specification of each of 
the components constituting the system, from an operator via 
an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which 
constituent components and security countermeasures to be 
executed to the constituent components are described for each 
type of system typco , and of reading out security 
countermeasures to be executed to the components constituting 
the system to be evaluated which are specified by the second 
specification, out of the constituent components of the system 
type, the system type corresponding to that of the syste m to 
be evaluated which is specified by the first specification; 

a third step of displaying on a display unit connected to 
the electronic computer, the security countermeasures read out 
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in the second step in correspondence with each of the 
components constituting the syste m to bo evaluated which are 
specified by the second specification and of accepting from 
the operator via the input unit information as to whether or 
not each of the security countermeasures being displayed is 
executed; and 

a fourth step of evaluating a state of security of the 
system to be evaluated , based on the information that regarding 
whether the security countermeasures to the components 
constituting the syste m to be evaluated are executed or not, 
the information being accepted in the third step, and of 
displaying evaluation results on the display unit. 

8. (Currently Amended) A program for making an 
electronic computer evaluate security of a system constituted 
by at least one component, the program making the electronic 
computer execute steps of : 

a first step of accepting a first specification of a 
system to be evaluated and a second specification of each of 
the components constituting the system, from an operator via 
an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which 
constituent components and security countermeasures to be 
executed to the constituent components are described for each 
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type of system typco , and of reading out security 
countermeasures to be executed to the components constituting 
the system to be evaluated which are specified by the second 
specification, out of the constituent components of the system 
type, the system type corresponding to that of the syste m to 
be evaluated which is specified by the first specification; 

a third step of displaying on a display unit connected to 
the electronic computer, the security countermeasures read out 
in the second step in correspondence with each of the 
components constituting the system to be evaluated which are 
by the second specification, and of accepting from the 
operator via the input unit, information as to whether or not 
each of the security countermeasures is executed; and 

a fourth step of evaluating a state of security of the 
system to be evaluated , based on the information that regarding 
whether the security countermeasures to the components 
constituting the syste m to be evaluated are executed or not, 
the information being accepted in the third step, and of 
displaying evaluation results on the display unit. 

9. (Currently Amended) A security evaluation apparatus 
for evaluating occurity executed to a oyotcm security applied 
to a system constituted by at least one component, comprising: 
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a database in which constituent components and security 
countermeasures to be executed to the constituent components 
are described for each type of syste m typco ; 

a first specification accepting unit for reading out and 
displaying all of the system types described in the database 
and accepting a specification of any one of the system types 
being displayed, as a first specification of a system to be 
evaluated from an operator; 

a second specification accepting unit for reading out 
from the database and displaying all of the constituent 
components of the system type specified by the first 
specification, and for accepting from the operator information 
as to whether or not each of the constituent components being 
displayed is used in the syste m to be evaluated , as a second 
specification of each of the components constituting the 
sy s t e m to be evaluated ; 

a third specification accepting unit for reading out from 
the database and displaying the security countermeasures to be 
executed to the constituent components specified by the second 
specification, out of the constituent components of the system 
types specified by the first specification, and for accepting 
from the operator information as to whether or not each of the 
security countermeasures being displayed is executed; and 
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an evaluation unit for evaluating a state of security of 
the syste m to be evaluated , based on the information 
that regarding whether the security countermeasures of the 
constituent components are executed or not, the information 
being accepted by the third specification accepting unit, and 
for displaying evaluation results of the state of security. 

10. (Currently Amended) A method for supporting 
making f ormation of security countermeasures to be executed to 
a system constituted by at least one component by the use of 
an electronic computer, comprising steps of: 

a first step of accepting a first specification of a 
system to be supported and a second specification of each of 
the components constituting the system, from an operator via 
an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which 
constituent components and security countermeasures to be 
executed to the constituent components are described for each 
type of system types and of reading out the security 
countermeasures to be executed to the components constituting 
the syste m to be supported which are specified by the second 
specification, out of the constituent components of the system 
type , the system type corresponding to that of the syste m to 
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be supported which is specified by the first specification; 
and 

a third step of displaying on a display unit connected to 
the electronic computer, the security countermeasures read out 
in the second step in correspondence with each of the 
components constituting the system to be — supported which are 
specified by the second specification. 

11. (Currently Amended) A method for supporting the 
format ion m aking of security countermeasures as claimed in 
claim 10. wherein 

the database describes, as to each of the security 
countermeasures, a security type ensured by executing each of 
the security countermeasure concerned, and wherein 

the second step reads out from the database, the security 
countermeasures and their security types for each of the 
components constituting the system to be — supported which are 
specified by the second specification, out of the constituent 
components of the system type corresponding to that of the 
syste m to be supported which is specified by the first 
specification, and wherein 

the third step displays on the display unit the security 
countermeasures and their security types which are read out in 
the second step in correspondence with each of the components 
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constituting the syste m to be supported which are specified in 
the second specification. 

12. (Currently Amended) A method for supporting 
malcing f ormation of security count ermeasures as claimed in 
claim 10, wherein 

the database describes, as to each of the security 
countermeasures, a security level ensured by executing the 
security countermeasure concerned, and wherein 

the first step accepts from the operator via the. input 
unit a third specification of the security level to be applied 
to the system to bo oupportcd in addition to the first 
specification of the syste m to be oupportcd and the second 
specification of the components constituting the system, and 
wherein 

the second step reads out from the database the security 
countermeasures to be executed to the components constituting 
the system to be oupportcd which are specified by the second 
specification, out of the constituent components of the system 
type corresponding to that of the system to be oupportcd which 
is specified by the first specification, each of the security 
countermeasures having a level not higher than the security 
level specified by the third specification. 
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13. (Currently Amended) A method for supporting 
making f ormation of security countermeasures as claimed in 
claim 10, wherein 

the first step includes, 

steps of reading out all of the system types described in 
the database, displaying them on the display unit, and 
accepting from the operator via the input unit a specification 
of any one of the system types being displayed as the first 
specification of a syste m to be oupportcd , and 

steps of reading out from the database all of the 
constituent components of the system type specified by the 
first specification, displaying them on the display unit, and 
accepting from the operator via the input unit whether or not 
each of the constituent components being displayed is used in 
the system to be oupportcd , as the second specification of the 
components constituting the system to be supported . 

14. (Currently Amended) A storage medium in which a 
program for making an electronic computer support making 
formation of security countermeasures to be executed to a 
system constituted by at least one component is stored, the 
program making the electronic computer execute steps of: 

a first step of accepting a first specification of a 
system to be supported and a second specification of each of 
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the components constituting the system, from an operator via 
an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which 
constituent components and security countermeasures to be 
executed to the constituent components are described for each 
type of system typoo and of reading out security 
countermeasures to be executed to the components constituting 
the syste m to bo — supported which are specified by the second 
specification, out of the constituent components of the system 
type, the system type corresponding to that of the syste m to 
be supported which is specified by the first specification; 
and 

a third step of displaying on a display unit connected to 
the electronic computer, the security countermeasures read out 
in the second step in correspondence with each of the 
components constituting the syste m to be aupportcd which are 
specified by the second specification. 

15. (Currently Amended) A program for making an 
electronic computer support making format ion of security 
countermeasures to be executed to a system constituted by at 
least one component, the program making the electronic 
computer execute steps of: 
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a first step of accepting a first specification of a 
system to be supported and a second specification of each of 
the components constituting the system, from an operator via 
an input unit connected to the electronic computer; 

a second step of retrieving data from a database in which 
constituent components and security countermeasures to be 
executed to the constituent components are described for each 
of system types and of reading out security countermeasures to 
be executed to the components constituting the syste m to bo 
supported which are specified by the second specification, out 
of the constituent components of the system type, the system 
type corresponding to that of the system to be supported which 
is specified by the first specification; and 

a third step of displaying on a display unit connected to 
the electronic computer, the security countermeasures read out 
in the second step in correspondence with each of the 
components constituting the system to be supported which are 
specified by the second specification. 

16. (Currently Amended) A security construction support 
apparatus for supporting making f ormation of security 
countermeasures to be executed to a system constituted by at 
least one component, comprising: 
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a database in which constituent components and security 
countermeasures to be executed to the constituent components 
are described for each of system types; 

a first specification accepting unit for reading out all 
of system types described in the database to display them and 
accepting from an operator a specification of any one of the 
system types being displayed as a first specification of a 
system to be supported ; 

a second specification accepting unit for reading out 
from the database and displaying all of the constituent 
components of the system type specified by the first 
specification, and for accepting from an operator information 
as to whether or not each of the constituent components being 
displayed is used in the system to be supported as a second 
specification of each of the components constituting the 
system to be supported ; and 

a security countermeasure display unit for reading out 
from the database the security countermeasures to be executed 
to the constituent components specified by the second 
specification accepting unit, out of the constituent 
components of the system type specified by the first 
specification accepting unit, and for displaying them. 
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